Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix CVE #10043

Merged
merged 1 commit into from Oct 4, 2022
Merged

Fix CVE #10043

merged 1 commit into from Oct 4, 2022

Conversation

sbrunner
Copy link
Member

-> Vulnerability found in lxml version 4.6.5
Vulnerability ID: 50748
Affected spec: <4.9.1
ADVISORY: Lxml 4.9.1 include a fix for CVE-2022-2309: NULL Pointer
Dereference allows attackers to cause a denial of service (or application...
CVE-2022-2309
For more information, please visit
https://pyup.io/vulnerabilities/CVE-2022-2309/50748/

-> Vulnerability found in mako version 1.1.4
Vulnerability ID: 50870
Affected spec: <1.2.2
ADVISORY: Mako 1.2.2 includes a fix for a REDoS
vulnerability.sqlalchemy/mako#366
PVE-2022-50870
For more information, please visit
https://pyup.io/vulnerabilities/PVE-2022-50870/50870/

-> Vulnerability found in ujson version 5.2.0
Vulnerability ID: 49755
Affected spec: <5.4.0
ADVISORY: Ujson 5.4.0 includes a fix for CVE-2022-31117: In versions
prior to 5.4.0 an error occurring while reallocating a buffer for string...
CVE-2022-31117
For more information, please visit
https://pyup.io/vulnerabilities/CVE-2022-31117/49755/

-> Vulnerability found in ujson version 5.2.0
Vulnerability ID: 49754
Affected spec: <5.4.0
ADVISORY: Ujson 5.4.0 includes a fix for CVE-2022-31116: Incorrect
handling of invalid surrogate pair...
CVE-2022-31116
For more information, please visit
https://pyup.io/vulnerabilities/CVE-2022-31116/49754/

@sbrunner
Fix CVE
4fca438 
  -> Vulnerability found in lxml version 4.6.5
     Vulnerability ID: 50748
     Affected spec: <4.9.1
     ADVISORY: Lxml 4.9.1 include a fix for CVE-2022-2309: NULL Pointer
     Dereference allows attackers to cause a denial of service (or application...
     CVE-2022-2309
     For more information, please visit
     https://pyup.io/vulnerabilities/CVE-2022-2309/50748/

  -> Vulnerability found in mako version 1.1.4
     Vulnerability ID: 50870
     Affected spec: <1.2.2
     ADVISORY: Mako 1.2.2 includes a fix for a REDoS
     vulnerability.sqlalchemy/mako#366
     PVE-2022-50870
     For more information, please visit
     https://pyup.io/vulnerabilities/PVE-2022-50870/50870/

  -> Vulnerability found in ujson version 5.2.0
     Vulnerability ID: 49755
     Affected spec: <5.4.0
     ADVISORY: Ujson 5.4.0 includes a fix for CVE-2022-31117: In versions
     prior to 5.4.0 an error occurring while reallocating a buffer for string...
     CVE-2022-31117
     For more information, please visit
     https://pyup.io/vulnerabilities/CVE-2022-31117/49755/

  -> Vulnerability found in ujson version 5.2.0
     Vulnerability ID: 49754
     Affected spec: <5.4.0
     ADVISORY: Ujson 5.4.0 includes a fix for CVE-2022-31116: Incorrect
     handling of invalid surrogate pair...
     CVE-2022-31116
     For more information, please visit
     https://pyup.io/vulnerabilities/CVE-2022-31116/49754/
@sbrunner sbrunner marked this pull request as ready for review October 4, 2022 14:11
@sbrunner sbrunner merged commit 1811b69 into 2.6 Oct 4, 2022
@sbrunner sbrunner deleted the audit26 branch October 4, 2022 14:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@sbrunner